Director IT Security

Howard Hughes

4

(10)

The Woodlands, TX

Why you should apply for a job to Howard Hughes:

  • 4/5 in overall job satisfaction
  • 4.5/5 in supportive management
  • 90% say women are treated fairly and equally to men
  • 70% would recommend this company to other women
  • 75% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • HHC will be offering 100% paid maternity leave benefits for a 12-week period.
  • HHC will be offering a Child Bonding benefit of four weeks per event for any births, adoption or child fostering for all genders.
  • The Howard Hughes Corporation's Employee Growth Program offers employees $10k a year as part of our growth and career funds.
  • #REQ4744

    Position summary

    ward-winning master planned communities, as well as operating properties and development opportunities including: Downtown Columbia®, Maryland; The Woodlands®, The Woodlands Hills®, and Bridgeland® in the Greater Houston, Texas area; Summerlin®, Las Vegas; Teravalis, Phoenix and Ward Village® in Honolulu, Hawaii.

    About The Role

    The Director of IT Security is responsible for developing, implementing, and maintaining the enterprise vision, strategy, and program to safeguard HHH's systems and data. The Director IT Security will work closely with the executive and IT leadership teams and other stakeholders to develop and implement a comprehensive information security program that effectively manages risk and protects the confidentiality, integrity, and availability of critical systems and data.

    What You Will Do

    Information Security Strategy

    • Develop and lead the execution of the information security strategy, aligning it with the overall business objectives.

    • Define and communicate security policies, procedures, and standards across the organization

    • Continuously monitor industry trends and emerging threats to adjust the security strategy as needed.

    • Provide guidance to the executive leadership team and Board of Directors on comprehensive cybersecurity strategies and recommended actions.

    • Provide regular updates on the status of the IT cybersecurity program to Executive Leadership and the Board of Directors.

    Risk Management

    • Identify, assess, and prioritize security risks and vulnerabilities.

    • Implement risk mitigation strategies and security controls to safeguard the organization's assets.

    • Monitor and provide real-time analysis and mitigation of security threats.

    Security Governance

    • Establish and maintain an robust security governance framework.

    • Oversee compliance with relevant frameworks and regulatory requirements (e.g., GDPR, ISO 27001, NIST, etc.).

    • Ensure compliance with legal and ethical standards in information cybersecurity practices across the organization.

    Incident Response and Recovery

    • Develop and maintain a comprehensive incident response plan to address security events.

    • Lead incident response efforts, coordinate with external resources, and oversee recovery and remediation efforts.

    Security Operations

    • Lead the security operations in monitoring, detecting, and responding to security incidents and threats.

    • Manage and maintain security technologies such as intrusion detection systems, firewalls, and endpoint security solutions.

    • Develop and administer security awareness programs for company personnel to ensure that we are well-informed about security policies and best practices.

    • Conduct regular security assessments, vulnerability scans, and penetration testing to identify and remediate weaknesses in the organization's technology environment.

    Vendor and Third-Party Security

    • Continuously evaluate the security posture of third-party vendors and service providers.

    • Collaborate with Legal and Procurement teams to ensure that cybersecurity requirements are included in contracts and agreements with external parties.

    Budget and Resource Management

    • Develop and manage the information security budget, organization structure including staff and vendor cybersecurity organizations, cyber security technology stack, and training resources.

    • Ensure the efficient use of allocated resources to meet security objectives.

    Executive-Level Reporting

    • Assists in reporting to the most senior levels of the Company (Executive Team, the Board of Directors, and subcommittees). Reporting to include the Company's overall cyber strategy, cyber related metrics, industry updates, risk mitigation and the status on other cyber related initiatives.

    About You

    • Bachelor's degree in computer science, information technology, or a related field. Master's degree preferred.

    • Certified Information Systems Security Professional (CISSP) or equivalent certification.

    • Over 10 years of experience in information security, including a minimum of 5 years in a senior leadership role.

    • In-depth knowledge of cybersecurity principles, technologies, and best practices.

    • Strong understanding of regulatory requirements and compliance standards.

    • Excellent communication and leadership skills.

    • Proven ability to build and lead a high-performing cybersecurity team.

    • Excellent interpersonal, verbal, and written communication skills.

    • Ability to present complex information to all levels of the organization.

    • Capability to operate in a dynamic work environment with competing priorities.

    • A team oriented individual who can multi-task and is self-directed.

    • Demonstrates sound judgment in decision-making when not all information is available.

    • Strong problem-solving and critical thinking abilities.

    • Onsite presence required Mon-Thurs.

    This job description is not meant to be an "all-inclusive" list of the duties and responsibilities of this job. Other related duties and responsibilities may be assigned. The Company reserves the right to change or modify job duties as necessary based on business necessity.

    NOTICE TO THIRD PARTY AGENCIES

    Please note that Howard Hughes does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Recruitment Fee Agreement, HHH will not consider or agree to payment of any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without a signed agreement for any role, HHH explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of Howard Hughes.

    Why you should apply for a job to Howard Hughes:

  • 4/5 in overall job satisfaction
  • 4.5/5 in supportive management
  • 90% say women are treated fairly and equally to men
  • 70% would recommend this company to other women
  • 75% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • HHC will be offering 100% paid maternity leave benefits for a 12-week period.
  • HHC will be offering a Child Bonding benefit of four weeks per event for any births, adoption or child fostering for all genders.
  • The Howard Hughes Corporation's Employee Growth Program offers employees $10k a year as part of our growth and career funds.